Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability Report that analyzes the vulnerability landscape relevant to leading automation products used across the ICS domain.
The company reported that during the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products from 76 vendors were published.
Vulnerabilities in production code continue to increase, including vulnerabilities in open source codebases. According to a recent report from Synopsys, the number of open source vulnerabilities increased over the past year to a record 84%. Part of this increase may be attributed to the need for organizations to get their applications to production quickly to meet the demands of a remote workforce. Rushing applications to production often means less rigorous testing and the release of applications that still contain critical vulnerabilities.
Cybercriminals use increasingly complex deception methods, and cybersecurity can be unfamiliar, unintuitive, or inconvenient to operate, recent Mimecast research reveals. No wonder most successful cyberattacks are due to human error.
ShinyHunters, the notorious hacker, is claiming to have access to an AT&T database containing personal and sensitive records of more than 70 million customers.
For your information, AT&T Inc. is the largest provider of mobile telephone services in the U.S. and also the world’s largest telecommunications company.
In a post published on the infamous hacker forum and marketplace Raid Forums, ShinyHunters is offering the database for a starting price of $200,000.
Cross-site scripting (often shortened to XSS) is a common security vulnerability in web applications. It’s estimated that more than 60% of web applications are susceptible to XSS attacks, which account for more than 30% of all web application attacks. The popular OWASP Top Ten document even lists XSS flaws as one of the critical threats to web application security.
This article talks about the cross-site scripting attack so that you can be equipped with the necessary knowledge to avoid it and practice secure coding.
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in the Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life.
The zero-day bug (tracked as CVE-2021-34730 and rated with a 9.8/10 severity score) is caused by improper validation of incoming UPnP traffic and was reported by Quentin Kaiser of IoT Inspector Research Lab.
Unauthenticated attackers can exploit it to restart vulnerable devices or execute arbitrary code remotely as the root user on the underlying operating system.
Who’s responsible for the security of your development and production environments?
Oftentimes, it’s not the security team alone, but the developers themselves. This trend is unlikely to change in the coming years as cloud-native architecture becomes the primary development methodology, making it harder for security teams to keep up with the scale and pace of DevOps.
APIs, the connective tissue that ties modern applications and services together, are increasingly vulnerable and under attack by cybercriminals. By 2024, it’s predicted that API abuses and related data breaches will nearly double in volume.
While APIs will play a vital role in the future of cloud-native architecture, the potential risk they pose today and in the future is significant. In fact, the number of new API vulnerabilities grew in 2020, with sensitive data exposure ranking as the most common vulnerability.